Advanced setup

Advanced setup when installing SonarQube Server from the ZIP file.

Self Signed Certificates of DevOps platforms

In a ZIP installation, the systems truststore can be found in $JAVA_HOME/lib/security/cacerts. In order to add a new certificate to the truststore you can use the following command as an example:

keytool -importcert -file $PATH_TO_CERTIFICATE -alias $CERTIFICATE_NAME -keystore /$JAVA_HOME/lib/security/cacerts -storepass changeit -trustcacerts -noprompt

Changing SonarQube DNS cache TTL

When reporting Quality Gate status to DevOps platforms, SonarQube uses a DNS cache time to live policy of 30 seconds. If necessary, you can change this setting in your JVM:

echo "networkaddress.cache.ttl=5" >> "${JAVA_HOME}/conf/security/java.security"

Please be aware that low values increase the risk of DNS spoofing attacks.

Adjusting Java executable path

By default, the scripts will use the Java executable available in the PATH. If multiple versions of Java are installed on your server, you may need to explicitly define which version is used.

It is possible to overwrite the default Java executable by setting the environmental variable SONAR_JAVA_PATH.

Linux

export SONAR_JAVA_PATH="path/to/java_home/bin/java"

Windows

setx SONAR_JAVA_PATH "C:\Program Files\java_home\bin\java.exe"

Enabling IPv6

On your SonarQube host:

Enable IPv6 in the JVM by setting the JAVA_TOOL_OPTIONS environment variable to -Djava.net.preferIPv6Addresses=true.
Enable IPv6 in SonarQube by setting the sonar.web.javaAdditionalOpts system property to -Djava.net.preferIPv6Addresses=true in the SonarQube configuration file (<sonarQubeHome>/conf/sonar.properties).

In case of a Data Center Edition, perform both steps on all application nodes. Perform only the first step on the search nodes.

Keeping user sessions alive on server restart

To maintain your user sessions accross server restarts:

Store the JWT token you generated during pre-installation (see Defining a JWT token) in the sonar.auth.jwtBase64Hs256Secret system property. See Configuration methods.

In case of a Data Center Edition, the same token must be stored on each application node.

Installation overview
Basic installation
Configuring network security features:
- Securing behind a proxy
- Network rules
Starting / stopping server
Running as a service
Installing the Data Center Edition from the ZIP file: Installing from ZIP file
System properties:Configuration methods

PreviousBasic installation NextStarting / stopping server

Last updated 15 days ago

Was this helpful?

Self Signed Certificates of DevOps platforms

Changing SonarQube DNS cache TTL

Adjusting Java executable path

Enabling IPv6

Keeping user sessions alive on server restart

Related pages